package cn.dianhun.security.controller;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author cyt
 * @create 2020-07-18 12:31
 */
@RestController
public class TestAuthorize {
    /**
     * 所有都能访问
     */
    @Secured("IS_AUTHENTICATED_ANONYMOUSLY")
    @RequestMapping("/addUser")
    public String addUser() {
        return "addUser";
    }
    /**
     * 具备 VIP 角色
     */
    @Secured("ROLE_VIP")
    @RequestMapping("/deleteUser")
    public String deleteUser() {
        return "deleteUser";
    }

    @PreAuthorize("hasRole('ROLE_VIP')")
    @RequestMapping("/selectUser")
    public String selectUser() {
        return "selectUser";
    }

    /**
     * 匿名访问
     * @return
     */
    @PreAuthorize("isAnonymous()")
    @RequestMapping("/updateUser")
    public String updateUser() {
        return "updateUser";
    }

    @PreAuthorize("hasAuthority('vip1')")
    @RequestMapping("/setUser")
    public String setUser() {
        return "setUser";
    }
}
